Description
PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

PixGPS 1.1.8 contains a buffer overflow flaw that can be triggered by inputting a string longer than 6000 bytes into the Folder with picture files field. The overflow causes the application to crash, resulting in a denial of service. The weakness is a classic stack-based buffer overflow (CWE‑120).

Affected Systems

The affected product is Br‑Software’s PixGPS 1.1.8. No other vendors or versions are listed as impacted at this time.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity. The EPSS score of less than 1% reflects a very low likelihood of exploitation. The vulnerability is local; an attacker must have access to the machine running PixGPS to craft and submit the oversized string, and it is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 28, 2026 at 13:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PixGPS to a version that patches the buffer overflow, such as 1.1.9 or later.
  • If upgrading is not immediately possible, limit or disable the Folder with picture files input to prevent large strings from being processed.
  • Restrict local execution of PixGPS to trusted users only, using system access controls or group policy.

Generated by OpenCVE AI on April 28, 2026 at 13:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Br-software
Br-software pixgps
Vendors & Products Br-software
Br-software pixgps
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description PixGPS 1.1.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized string to the folder path input field. Attackers can craft a payload exceeding 6000 bytes and paste it into the 'Folder with picture files' field to trigger a denial of service condition.
Title PixGPS 1.1.8 Buffer Overflow Denial of Service
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Br-software Pixgps
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T20:07:13.904Z

Reserved: 2026-04-26T12:59:47.086Z

Link: CVE-2018-25277

cve-icon Vulnrichment

Updated: 2026-04-27T20:07:10.231Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:28.243

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses